output database - log vs. alert

["Zondlo, Zack" <ZZondlo () acmail aclink org>]

Hello all. Simple question here, what is the difference between choosing
log and alert in the output database section of snort.conf. I have a
sensor I need to minimize traffic from but would prefer to keep
relatively sensitive ,i.e not cut too many rules out, and was thinking
this might be a way.
 
Example:
 
Output database: log, mysql, user....
 
Output databse: alert, mysql, user...
 
Also, how do I control how log files are written to /var/log/snort?  i.e
just one big alert file vs. multiple folders - one per ip address